| 1 | <?php |
| 2 | /** |
| 3 | * Smarty plugin |
| 4 | * @package Smarty |
| 5 | * @subpackage plugins |
| 6 | */ |
| 7 | |
| 8 | /** |
| 9 | * determines if a resource is secure or not. |
| 10 | * |
| 11 | * @param string $resource_type |
| 12 | * @param string $resource_name |
| 13 | * @return boolean |
| 14 | */ |
| 15 | |
| 16 | // $resource_type, $resource_name |
| 17 | |
| 18 | function smarty_core_is_secure($params, &$smarty) |
| 19 | { |
| 20 | if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { |
| 21 | return true; |
| 22 | } |
| 23 | |
| 24 | if ($params['resource_type'] == 'file') { |
| 25 | $_rp = realpath($params['resource_name']); |
| 26 | if (isset($params['resource_base_path'])) { |
| 27 | foreach ((array)$params['resource_base_path'] as $curr_dir) { |
| 28 | if ( ($_cd = realpath($curr_dir)) !== false && |
| 29 | strncmp($_rp, $_cd, strlen($_cd)) == 0 && |
| 30 | substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { |
| 31 | return true; |
| 32 | } |
| 33 | } |
| 34 | } |
| 35 | if (!empty($smarty->secure_dir)) { |
| 36 | foreach ((array)$smarty->secure_dir as $curr_dir) { |
| 37 | if ( ($_cd = realpath($curr_dir)) !== false) { |
| 38 | if($_cd == $_rp) { |
| 39 | return true; |
| 40 | } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && |
| 41 | substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) { |
| 42 | return true; |
| 43 | } |
| 44 | } |
| 45 | } |
| 46 | } |
| 47 | } else { |
| 48 | // resource is not on local file system |
| 49 | return call_user_func_array( |
| 50 | $smarty->_plugins['resource'][$params['resource_type']][0][2], |
| 51 | array($params['resource_name'], &$smarty)); |
| 52 | } |
| 53 | |
| 54 | return false; |
| 55 | } |
| 56 | |
| 57 | /* vim: set expandtab: */ |
| 58 | |
| 59 | ?> |